The vulnerability causing all the fuss is a flaw in Remote Desktop Services, which as the name implies lets you remotely control a far-off PC from a second PC.
The vulnerability in Remote Desktop Services is pre-authentication and requires no user interaction, which means that any malware using this flaw could propagate from computer to computer like the WannaCry ransomware attack in 2017.
"We are taking the unusual step of providing a security update for all customers to protect Windows platforms, including some out-of-support versions of Windows", the Microsoft Security Response Team wrote in a blog posting today. "Now that I have your attention, it is important that affected systems are patched as quickly as possible to prevent such a scenario from happening".
For highly likely, read absolutely certain: a malware propagation method like this is going to appear very soon, since it is a cheap, highly effective way of spamming out ransomware and trojans.
Customers who use an in-support version of Windows such as Windows 7 and Windows Server 2008 will receive the update if they have automatic updates enabled, while Windows XP users can download fixes from Microsoft's Update Catalogue or upgrade their version of Windows.
Microsoft says all supported versions of Windows are affected, including Windows 10, and that the issue comes down to the way Windows Error Reporting handles files.
Provides protections against a new subclass of speculative execution side-channel vulnerabilities, known as Microarchitectural Data Sampling, for 64-Bit (x64) versions of Windows (CVE-2019-11091, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130).
An attacker "could exploit this flaw to gain remote code execution", and the flaw is likely to be "exploited in the wild in the near future as attackers develop exploit code", Narang said.
CVE-2019-0708 does not affect Microsoft's latest operating systems: Windows 10, Windows 8.1, Windows 8, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, or Windows Server 2012.
As is traditional, Adobe dropped 86 flaw fixes, mainly in Reader and Acrobat, and Citrix, too, has one of its own.
The patch came as part of Microsoft's monthly Patch Tuesday, which in May addressed 22 critical vulnerabilities.
This update is available normally via Windows Update, and you don't have to be in the Windows Insider program to receive it.
Microsoft's patch joins other fixes from companies including Apple and Google.